Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8273747

Grant JWS JavaFX apps access to Windows trust store

    XMLWordPrintable

Details

    • b01
    • Verified

    Backports

      Description

        A JNLP app that uses JavaFX (that uses <jfx:javafx-runtime version="2.2+"/> tag in its <resources> element) does not take into account certificates from Windows Certificate store.

        The JNLP app is hosted on a server that uses an SSL certificate that is issued by an internal Certification Authority (CA). When Java establishes the connection to the server, it cannot find a trusted root certificate and displays a security warning dialog with the message “The connection to this website is untrusted” and asks the user to confirm they trust the certificate.

        The root certificate of the CA is installed into "Trusted Root Certification Authorities" store in the Windows trust store.

        Regular Java Web Start apps (JNLP) as well as applets load the certificates from the Windows trust store and no security warning is displayed: the SSL certificate of the server is trusted because Java can find a trusted root certificate. It's the expected behaviour.

        But it does not happen if the app uses JavaFX.
        Only JavaFX apps are affected.

        Attachments

          Issue Links

            Activity

              People

                aivanov Alexey Ivanov
                shadowbug Shadow Bug
                Votes:
                0 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved: